Configure Transport Level Security over tcp in a cross domain environment


I'm trying to implement transport level security for WCF services.
My application architecture is as follows:
WCF service is hosted as windows service in domainA.
Client is a WinForms application in DomainB.
Since it's a cross domain scenario, I have to use certificates for authenticating client and service so they can establish a secure connection.
My understanding is I need 3 certificates to achieve this:

  1. Service certificate - authenticates the service to the client.
    Should be installed in Local Machine --> Trusted Root Certificates store on a service machine.
  2. Certificate authority - a certificate that can be used to issue user specific certificates. Where should this one be installed? Service or client machine?
  3. User certificate.
    Should be installed in Current User --> Trusted Root Certificate on a client machine.

I couldn't find any examples on the web that use certificate authentication over the tcp protocol. I could only find https examples with services hosted in IIS.
Any reference to a tcp scenario is greatly appreciated.
Are my assumptions correct?
Where should I install the Certificate Authority certificate (item 2)?
Are there other, easier approaches besides using certificates to accomplish transport level security over tcp in a cross domain environment?
Thank you in advance.

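A configuration sketch added here as an illustration, not part of the question or of any answer: a WCF netTcpBinding with transport security and certificate client credentials, with the matching service-side and client-side credential settings. Service and contract names, the port, and the thumbprint values are placeholders; the store placement noted in the comments is the standard ChainTrust layout, not something the question states.

```xml
<!-- Service side (app.config of the Windows service) -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="tcpCertBinding">
        <!-- Transport mode: TLS over net.tcp; the client must present a certificate -->
        <security mode="Transport">
          <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <services>
    <service name="Placeholder.MyService" behaviorConfiguration="certBehavior">
      <endpoint address="net.tcp://localhost:8731/MyService"
                binding="netTcpBinding" bindingConfiguration="tcpCertBinding"
                contract="Placeholder.IMyService" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="certBehavior">
        <serviceCredentials>
          <!-- Service's own cert (with private key) lives in LocalMachine\My (Personal), not Trusted Root -->
          <serviceCertificate findValue="PLACEHOLDER_SERVICE_THUMBPRINT"
                              storeLocation="LocalMachine" storeName="My"
                              x509FindType="FindByThumbprint" />
          <!-- ChainTrust: the client cert must chain to a CA cert present in this machine's Trusted Root store -->
          <clientCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

<!-- Client side (app.config of the WinForms application) -->
<system.serviceModel>
  <client>
    <endpoint address="net.tcp://service.domainA.example:8731/MyService"
              binding="netTcpBinding" bindingConfiguration="tcpCertBinding"
              contract="Placeholder.IMyService" behaviorConfiguration="clientCertBehavior">
      <!-- Must match the subject name (CN) of the service certificate -->
      <identity><dns value="service.domainA.example" /></identity>
    </endpoint>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="clientCertBehavior">
        <clientCredentials>
          <!-- Client's own cert (with private key) in CurrentUser\My; the issuing CA cert goes in this machine's Trusted Root -->
          <clientCertificate findValue="PLACEHOLDER_CLIENT_THUMBPRINT"
                             storeLocation="CurrentUser" storeName="My"
                             x509FindType="FindByThumbprint" />
          <serviceCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
```

The same netTcpBinding `tcpCertBinding` element must be declared in the client config as well (omitted above to avoid repeating it); with ChainTrust, only the CA certificate is placed in Trusted Root on each side, and each party's own certificate stays in its Personal store.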

There are 0 answers